← Back to CVE List
CVE-2018-25083
Published:
2023-03-27T03:15Z
Last Modified:
2025-02-24T20:15Z
Source:
MITRE CVE List
License:
MITRE-CVE-TOS
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt